Like Google, I've been battling the problem of authentication for many years. Google has come out with a clever idea of a wearable device to provide strong authentication. In short, I applaud them; however, I don't see it succeeding much. Lord knows I hope I'm wrong. There are a few fundamental problems we have with consumer authentication. The first, and most problematic, is their lack of adopting new technologies to focus on security and authentication. Over seven years ago we had VeriSign release their VIP program with the likes of eBay and Bank of America supporting them. A lot of consumers got the devices for OTP. There was not a huge amount of buy-in from consumers.

We did it again a couple of years ago when new banking laws came into effect and were required to provide two-factor strong auth. Again it failed to be adopted, which resulted in fairly weak "2 factor" mechanisms being on the server side of banks. While I agree that consumers need to adopt something to strengthen their defenses against compromised accounts, I don't see them adopting something on their side to do it.

I do think we need to strongly implement server-side intelligence to mitigate the capabilities, even driving to a well-developed and formulated reputation system for all of our potential and active customers. Now this is something that isn't new either and has been implemented, with some success, in a lot of service environments. A lot of people have been claiming for years, well over 10 that I know of, that the password is dead. In the absence of anything that the consumer is willing to adopt, I don't see it happening. Perhaps a startup can help solve this innovation problem.

Somaini's Cyber Security Blog

Justin Somaini's personal views of Cyber Security policy, practices, threats and defenses. Justin is an active member of the industry and is passionate about how we can work and play in an increasingly digital world safely.